Award-winning news, views, and insight from the ESET security community

Compressed URLs & Twitter

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at

If you use Twitter for this or other purposes, you’re probably aware that the site compresses URLs posted in tweets, usually with bit.ly, as far as I can see. You’re probably well aware that compressed URLs are frequently used by malware authors et al to conceal the true URL. bit.ly addresses this problem by filtering links through Google Safe Browsing, SURBL and SpamCop, which is reassuring, but is unlikely to catch every malicious site. bit.ly also makes available a Preview Plugin for Firefox that allows users to see more information about a site before they click on it. (Apparently Tweetdeck has a similar feature.) However, there’s no plugin for Internet Explorer (or, I presume, Chrome, Safari etc: I haven’t looked).

Personally, I prefer the tinyURL.com approach, which is browser-independent. If you go to tinyURL.com, you can enable a setting that will allow you to preview the real link whenever you click on a tinyURL on that particular machine. Alternatively, the person creating a tinyURL can send a version that begins http://preview.tinyurl.com/…

I started using these a while ago, but got a couple of adverse comments from people who didn’t want to see the redirect. However, thinking about it (and given the increase in malicious compressed URLs) I’ve decided to start doing it again. Not because it will eliminate the problem altogether (I’m sure it won’t!) but because it might at least make people aware that there’s a slightly safer way of doing it without telling them which browser they should be using. If you don’t like the redirect, all you have to do is paste the URL into your browser and delete the “preview.” substring that comes after the “http://”.